6 matches found
CVE-2026-42328 go-ipld-prime: DAG-CBOR and DAG-JSON decoders unbounded recursion depth
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...
CVE-2026-9467 debugmcp mcp-debugger server.ts handleGetSourceContext path traversal
A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack can be carried out remotely. The exploit is publicly available and might be used. The...
PT-2023-9005 · Artifex +2 · Jbig2Dec +2
Name of the Vulnerable Software and Affected Versions: Artifex Software jbig2dec version 0.20 Description: The issue is related to the incorrect initialization of a resource in the jbig2 error function of the jbig2.c file in the Jbig2dec decoder for the JBIG2 image compression format. This can be...
SUSE CVE-2020-2245
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
The vulnerability of the Red Hat Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the subversion-0.27.0 package of the Red Hat Linux operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
PT-2004-3765 · Gtk+ · Gtk2 +1
Name of the Vulnerable Software and Affected Versions: gtk2 versions 2.4.4 and earlier gdk-pixbuf versions prior to 0.22 Description: The issue is related to multiple vulnerabilities in the gtk2 and gdk-pixbuf packages, which can lead to disruption of confidentiality, integrity, and availability ...